My Web Application Toolkit

Web Application Security

After experimenting for a while, I’ve found a few key tools that have proven to be useful.

Note that I utilize a Digital Ocean VPS for most of the CLI tools. I rely on XMind and Obsidian to stay organized.

Subfinder

Subfinder enables me to quickly discover subdomains associated with the target. To get the most out of the tool, I include my third-party API keys.

Once I have the subdomains, I probe multiple ports with httpx to identify any potential web applications running on them.

Ffuf

Ffuf is a versatile web fuzzing tool that I use to discover files, directories, subdomains, virtual hosts and suspicious behavior in web applications.

Seclists

Seclists provides a range of lists, including wordlists such as “big-list-of-naughty-strings.txt” and the Raft wordlists, which I choose based on the target. Another great resource is Assetnote, which offers regularly updated wordlists.

PayloadsAllTheThings is a useful resource to comprehend attack techniques, bypasses and payloads.

Caido

Caido is an essential part of my toolkit. The Replay page has become a favored feature, as it allows me to manually modify and replay requests.

Firefox

My primary browser is Firefox, which I use along with the following extensions:

  • FoxyProxy: A must-have when utilizing Burp Suite, as it allows me to switch between proxy settings in Firefox with a single click.

  • Wappalyzer: A quick way to identify the technologies used by a website.

  • Open Multiple URLs: A handy extension for opening multiple URLs in separate tabs.

  • Firefox Multi-Account Containers: Lets me stay logged in to different accounts in separate tabs, which is useful when I need to test different user accounts or roles.

  • Firefox Developer Tools: I often find myself using DevTools for discovering interesting elements, analyzing behavior, and debugging.